1 What We Collect
CF only collects what it needs to be a meaningful companion. Nothing more.
| Type | What | Why |
|---|---|---|
| Messages | Text you send to CF, and CF's responses | To remember your story, track your growth, and personalize replies |
| Voice | Audio recordings (only when you press-hold the mic) | Transcribed to text, then the audio is discarded — never stored as audio |
| Preferences | Persona choice (Mother/Teacher/Friend), learning progress, interests | To match CF's tone to your needs and recommend relevant learning paths |
| Usage | Feature clicks, course completions, time spent (anonymized) | To improve CF's quality — never for ads or selling |
| Consent | Your chosen memory level (None/Soft/Deep) and timestamp | To respect your privacy choice and prove compliance |
We do NOT collect: Real name, exact location, phone number, contacts, browsing history, or anything outside the CF experience.
2 Why We Collect It
Every piece of data serves one of three purposes:
- To improve CF — Understanding what helps you most so CF gets better at being a companion.
- To personalize — Remembering your journey so CF doesn't ask "How are you?" like a stranger every time.
- To keep you safe — Detecting crisis signals and connecting you to human help when needed.
We do not use your data for advertising, political profiling, or any purpose outside the CF experience.
3 How We Use Your Data
- Never sold. Your data is not a product. We will never sell, rent, or trade your personal information.
- Anonymized analytics. Usage patterns are stripped of identifiers and aggregated for product improvement.
- No third-party sharing. We don't share your data with advertisers, data brokers, or external partners. The only exception: if required by law (e.g., a valid court order).
- Research. Anonymized patterns may inform academic research on AI companionship and wellbeing, with ethics board approval.
4 How We Protect It
- Encryption at rest and in transit. All data is encrypted with AES-256 (rest) and TLS 1.3 (transit).
- Supabase Row Level Security. Your data can only be accessed by your authenticated session — not even our engineers can read it without a special audit trail.
- No third-party sharing. No integrations with analytics tools that share data (we use PostHog with IP anonymization and disabled data sharing).
- Regular audits. We review access logs quarterly and rotate API keys every 2 weeks.
- Incident response. If a breach occurs, you'll be notified within 72 hours and we'll publish a transparent incident report.
5 Your Rights
You have full control over your data at all times:
- View — Open your Memory Dashboard to see everything CF remembers about you.
- Edit — Change any memory entry if CF misunderstood something.
- Delete — Erase individual memories or your entire history permanently. No questions, no waiting period.
- Export — Download all your data as a JSON file, readable by you and portable to other platforms.
- Revoke — Change your consent level anytime from Settings. Previous data is deleted or anonymized according to your new choice.
For Indian users: these rights align with the Digital Personal Data Protection (DPDP) Act 2023. For EU users: these rights align with GDPR. For everyone else: we extend these rights to you regardless of where you live.
6 Data Retention
| Data Type | Retention | Why |
|---|---|---|
| Chat messages (Soft consent) | 30 days | Recent context for warm conversations |
| Chat messages (Deep consent) | Until you delete or revoke | Full journey memory |
| Consent records | While account is active + 2 years | Legal compliance and proof of consent |
| Anonymized analytics | Indefinite (no identifiers) | Product improvement |
| Deleted data | Removed within 48 hours | Your deletion is immediate; cleanup runs daily |
7 Contact Us
Questions about your privacy? Want to exercise your rights? Reach us directly:
If you believe we've mishandled your data, you can also file a complaint with India's Data Protection Board (for Indian users) or your local data protection authority (for EU users).